[CyberDefenders write-up] Intel 101
Good morning everyone!
Another OSINT challenge under the ‘Threat Intel’ category.
The scenario seems to be pretty straightforward, so let’s make it as quick as possible.
If you find this sort of content helpful in your learning process, follow me on Medium/LinkedIn/Twitter and let’s learn together.
More about myself and my activities can be found > HERE <
Cheers!
Let’s see what we’ve got here.
8 questions and some simple instructions.
Plus one jpg file. Probably for some reverse image searching or geolocation. Questions do not have any common context, so this challenge is just like a little warm up before more complex OSINT tasks.
Q1
Who is the Registrar for jameskainth.com?
Well, just open any WHOIS checker you know, or choose the very first one from Google. I usually start as simple as possible, and for me this means typing who.is in my browser. If you want more of a terminal vibe, you can use the ‘whois’ command on Linux.
Just remember that they ask about the Registrar, usually a business that acts on behalf of customers.
Q2
You get a phone call from this number: 855–707–7328, they were previously known by another name? (No spaces between words)
Let’s google the number to see what open sources say about their name.
So from the very first reputation site we know they are known as ‘Time Warner’, and people say they are nasty scammers. But the question asks us about their previous name.
The format of the answer suggests ‘t’ as the first letter, so it might be some variant of their current name.
There are over 500 complaints on this site alone. Let’s check what people say. When scrolling through all the comments I can see other possible names like ‘Spectrum’, ‘Solutions Plus’ and ‘Charter Communications’. People refer to ‘Spectrum’ in most cases, but unfortunately this is not the correct answer.
We will need to dig a bit deeper, so maybe check the exact business name/entity. Google helps us again. Bingo, we’ve got the full business name and our answer to Q2.
Q3
What is the Zoom meeting id of the British Prime Ministers Cabinet Meeting?
Wow, this one sounds interesting, but I’m afraid that finding the answer will take less than a minute. Google it.
I was right. One of the first articles mentions it.
Here is the former British PM and his Zoom meeting ID.
Q4
What percentage of full-time degree-seeking freshmen from the fall of 2018 re-enrolled to Champlain in the fall of 2019?
Hell yeah. After easy-peasy Q3, this one sounds like a nightmare. But maybe there is no need to panic. Let’s think about it:
Freshmen. Champlain College. Re-enrolled between 2018 and 2019. Full-time degree.
Let’s start simply by googling these keywords without creating any advanced queries. There are a lot of ranking data and statistics, but this particular information is not easy to find.
The format of the answer has to be over 80%.
I was able to find a website with really nice data visualizations:
hxxps://datausa[.]io/profile/university/champlain-college
There is even a section which should provide the exact value we’re looking for.
I used ‘Wayback Machine’ to check if there are any previous site snapshots available. Especially with reference to 2019.
Unfortunately 82% is not the answer.
Checking past website snapshots might be a good approach. Maybe there are better sites, with more precise percentage data.
I found that in the past it was possible to check some statistics with the University and College Accountability Network (UCAN). However, they stopped providing information in March this year (2023). A pity.
But nothing can stop us from playing with website snapshots.
The live UCAN site cannot provide us with such information, but when we browse some old student discussions, we can see that sometimes people refer to URLs like: ucan-network.org/champlain or members.ucan-network.org/champlain.
The second one has multiple snapshots available, and the one from March 2020 is especially interesting.
This site is incomplete, but when you scroll down you will find our answer eventually!
Q5
In 1998 specifically on February 12th, Champlain was planning on adding an exciting new building to its campus. Back then, it was called “The Information Commons”. Can you find a picture of what the inside would look like? Upload the sha256 hash here.
We need a specific file hash here, so I assume the College website resources should be the best place to find anything relevant. I’m going to check the current version of the website first, and if I don’t find anything accurate, I’ll try the Wayback Machine again. So let’s start crawling, but before going directly to their webpage it’s worth trying Google advanced queries.
This query returned some results.
“The Information Commons” AND 1998 site:www.champlain.edu
If you haven’t used advanced queries before, this one means that:
We’re looking for the exact phrase “The Information Commons”
The AND operator creates a second condition here, and site: narrows down our search to a particular domain. So in this case we want Google to check for our phrase with some connection to the year 1998, and it should only check the College website.
Ok, we found a Timeline page on a college website, and there is even a photo of the library back in 1998.
The problem is that this is the only photo here, and according to question 5, we need a picture from the inside.
If you have a browser plugin like RevEye you can just right-click on a photo to initiate a reverse image search. It’s always good to check multiple search engines.
Bing directed us to the college website once again, but this time it led us to a blog post that seems to have brought us very close to the answer we were looking for. This website provides more elaborate information and images of the library.
libraryblog.champlain[.]edu/2018/04/05/happy-birthday-mic/
On the right side we can see archived posts, but we can only go back to 2008. Let’s play with the above URL to see if we can find anything from 1998.
Nothing, but let’s modify our initial search query and target only the blog subdomain libraryblog.champlain.edu
Again nothing. This means that we will need to jump into the Wayback Machine and look into the past. Let’s check the main domain champlain.edu
Oh yes, this page has a history. Let’s check anything in 1998 and around.
We have two snapshots from 1998. The one from Feb looks like this, and I think we are very close…
And we have some pictures. I expected some photos first, but a picture is a picture; it can also be a drawing :)
I downloaded the bottom one, so let’s get its hash.
Bingo. This is our answer.
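The snapshot selection and hashing steps above can be scripted as follows. This is an added example, not part of the original write-up; the timestamps, the example.edu image URL and the helper names are constructed for illustration. It requests the capture with the Wayback Machine's `id_` modifier, which returns the bytes as archived without replay rewriting, so the SHA-256 is taken over the original file.

```python
import hashlib
from datetime import datetime

def closest_snapshot(timestamps, target):
    """Return the 14-digit Wayback timestamp nearest to `target` (a datetime)."""
    def parse(ts):
        return datetime.strptime(ts, "%Y%m%d%H%M%S")
    return min(timestamps, key=lambda ts: abs(parse(ts) - target))

def raw_capture_url(timestamp, original):
    """Build a replay URL for the unmodified capture.

    The 'id_' suffix after the timestamp asks for the archived bytes as
    stored, with no toolbar or link rewriting added by the replay layer.
    """
    return f"https://web.archive.org/web/{timestamp}id_/{original}"

def sha256_file(path, chunk_size=65536):
    """Hash a downloaded file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

# Constructed sample values (not real captures of the college website).
SAMPLE_TIMESTAMPS = ["19980210101500", "19981212052000", "19990125090000"]
SAMPLE_IMAGE_URL = "http://www.example.edu/images/inside.gif"

if __name__ == "__main__":
    ts = closest_snapshot(SAMPLE_TIMESTAMPS, datetime(1998, 2, 12))
    print(raw_capture_url(ts, SAMPLE_IMAGE_URL))
    # After saving that URL to disk: print(sha256_file("inside.gif"))
```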
Q6
One of Champlain College’s Cyber Security Faculty got a bachelor’s degree in arts from this Ohioan university. Who was the other faculty member who studied there? (FirstName LastName — two words)
We start most OSINT tasks from Google, so let’s start by googling something like “Champlain College’s Cyber Security Faculty” (start simple).
We are looking for someone with a short name starting with the letter ‘T’.
Unfortunately, the faculty page doesn’t contain anyone matching these criteria.
I quickly typed another Google query like — intext:Ohio site:champlain.edu, and it has returned two results. I believe Todd is the answer here :)
Q7
In 2019 UVM’s Ichthyology Class Had to Name their fish for class. Can you find out what the last person on the public roster named their fish?
First let’s try to put some keywords in Google and see the results. Nothing relevant. I tried multiple queries and checked multiple pages and sections of the University’s website. Eventually I landed on the ‘Rubenstein school of environment and natural resources’ subpage (https://www.uvm.edu/rsenr). The only place with many references to wildlife and environment. I tried to use the built-in search and Google advanced queries to get closer to anything about ‘fish name’, but no success at all.
Looks like the Wayback Machine is our last resort in this case. Let’s have a look at this page and try to extract all historical URLs.
Ok, over 6k possibilities, but fortunately there is a search bar on the right.
When I typed ‘fish name’ I got only two results and the first one looks promising! Let’s quickly have a look inside.
I was able to find and download the Excel file which includes our answer!
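The URL listing and keyword search done in the Wayback Machine interface above can also be scripted against its CDX API. This is an added example, not part of the original write-up; the example.edu prefix and the sample response are constructed, and the helper names are hypothetical.

```python
import json
from urllib.parse import urlencode

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"

def cdx_query_url(prefix, year=None):
    """Build a CDX API query listing every archived URL under `prefix`."""
    params = {
        "url": prefix,
        "matchType": "prefix",       # everything below the given path
        "output": "json",
        "fl": "urlkey,timestamp,original,mimetype,statuscode",
        "collapse": "urlkey",        # one row per distinct URL
        "filter": "statuscode:200",  # skip redirects and errors
    }
    if year:
        params["from"] = params["to"] = str(year)
    return CDX_ENDPOINT + "?" + urlencode(params)

def parse_cdx(text):
    """CDX JSON output is a list of rows; the first row holds the field names."""
    rows = json.loads(text) if text.strip() else []
    if not rows:
        return []
    header, *data = rows
    return [dict(zip(header, row)) for row in data]

def find_captures(captures, keywords):
    """Return replay URLs of captures whose original URL contains every keyword."""
    hits = []
    for cap in captures:
        url = cap["original"].lower()
        if all(k.lower() in url for k in keywords):
            hits.append(f"https://web.archive.org/web/{cap['timestamp']}/{cap['original']}")
    return hits

# Constructed sample response (not real captures), shaped like CDX JSON output.
SAMPLE = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode"],
    ["edu,example)/rsenr/about", "20190301120000",
     "https://www.example.edu/rsenr/about", "text/html", "200"],
    ["edu,example)/rsenr/courses/fish_name_roster.xlsx", "20191105083000",
     "https://www.example.edu/rsenr/courses/Fish_Name_Roster.xlsx",
     "application/vnd.ms-excel", "200"],
    ["edu,example)/rsenr/fisheries", "20180612000000",
     "https://www.example.edu/rsenr/fisheries", "text/html", "200"],
])

if __name__ == "__main__":
    print(cdx_query_url("example.edu/rsenr/", year=2019))
    for hit in find_captures(parse_cdx(SAMPLE), ["fish", "name"]):
        print(hit)
```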
Q8
Can You Figure Out Which State This Picture Has Been Taken From? See attached photo
Last one. This time we need to investigate our picture we downloaded at the beginning.
Bing Visual Search did the job and found the same photo from a slightly different angle. I’m not 100% convinced it’s the same statue, but it's still suggesting some sort of amusement park.
The second photo took me to Dinosaur Land and address details include the state name, which is our answer!
Hope you enjoyed my write-up!
Cheers!